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DETAILED ACTION 

1. Claims 1-21 are pending 

Claim Rejections - 35 USC §112 

2. 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 4, 10 and 16 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

The above claims claim the limitation "any other form of cryptography." The 
Examiner considers the aforementioned limitation indefinite. 

* 

Claim Rejections - 35 USC § 103 

3. 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 

the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 

the various claims was commonly owned at the time any inventions covered therein 
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were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

Claims 1-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Brickell (US 20030145223). 

Regarding Claims 1,7 and 13 

Brickell teaches a method for a first Web service provider to invoke a service 
hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising the steps of: 

said principal logging in with a discovery service; said discovery service passing 
to said principal an identity assertion associated with said principal and a discovery 
service descriptor associated with said discovery service for use by principal for future 
authentication; ("By subscribing to a digital credential service, a user may receive a digital 
certificate (discussed in reference to Fig. 4) which certifies the user's digital credential service 
registration with the DCSP" Paragraph [0028]). The Examiner interprets the principal as the 
user, the discovery service as the digital credential sen/ice, and the "identity assertion 
associated with principal and discovery service descriptor" as the digital certificate which 
certifies the user's digital credential service registration with the DCSP. 
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said principal authenticating using said identity assertion and using said 
discovery service descriptor at a Web service client, said Web service client 
linking to and representing a desired commerce site of said principal; ("A digital 
delegate certificate may be issued to a delegate when a delegation is registered with the 
DCSP. The delegate certificate may comprise the identity of the delegate, the identity of the 
delegator, a delegation specification, a certified delegator signature, and a certified delegate 
signature. (Paragraph [0035])" The Examiner interprets the Web service client as the delegate. 

in response to an action related to said desired commercial site, said Web 
service client requesting a first service descriptor associated with said first Web service 
and a first service assertion associated with said first Web service from said discovery 
service; ("The delegate, when a need arises, requests, at act 330, a service from the relying 
part. The delegate signs this request and a request for the release of any necessary credential 
information with his private signature key. Upon receiving the service request from the 
delegate, the relying party requests, at act 340, credential information from the DCSP. The 
DCSP retrieves the requested credential information that is previously registered and stored, 
. verifies that it is allowed to release this information, and sends, at act 350 the requested 
credential information back to the relying party. With the returned credential information, the 
relying party authenticates the delegate based on the credential information. " Paragraph 
[0033]) 

in response to receiving said first service descriptor and said first service 
assertion, said Web service client invoking a desired service at said first Web service; 
("The credential determiner may, based on the type of service requested, determine the 
credential requirements that are needed for authentication purposes." Paragraph [0037]) ("Based 
on credential information, the credential verification mechanism verifies that the delegated 
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credential is valid and that it satisfies the authentication requirement The service response 
generation mechanism then constructs the service response according to the verification 
results" Paragraph [0041]) In order to decide what type of service is requested, first a 
description of the service must be inherently received. The Examiner interprets the service 
assertion as the credential verification information. 

Brickell further teaches, "a user may have to furnish a service provider with 
information that proves that the user... has resources to pay for the service" (Paragraph 
[0003]) which the Examiner interprets as anticipating a "commerce site." 

Brickell does not explicitly teach where upon said first Web service determining a 
need to invoke a second desired service at a second Web service, said first Web 
service requesting from said discovery service a second service descriptor associated 
with said second Web service and a second service assertion associated with said 
second Web service; 

and in response to receiving said request for said second service descriptor and 
said second service assertion, said discovery service adding said second service 
assertion to said first service assertion and subsequently passing said first service 
assertion and said second service descriptor to said first Web service; 

in response to receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said 
second Web service. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to repeat Brickell's method of invoking a service from a delegate, requesting 



Application/Control Number: 1 0/801 ,406 Page 6 

Art Unit: 2139 

a description of the service as well as a service assertion, and upon receiving the 
assertion and descriptor invoking the desired service. 

The motivation is that Brickell already performs the method once and has the 
necessary capabilities to perform the method again. For Example the DCSP stores 
delegation relationships, and Figure 2, shows a plurality of Delegation pairs. Without 
any modification to the system, one of ordinary skill would be able to execute the 
method of the first Web Service invoking a second desired service, by simply making a 
new delegation pair, of which the original Web Service is the Delegator and the second 
Web Service is the new Delegate. 

Figure 2, shows the apparatus for performing the method described. 
It is inherent that this method is performed by instructions on a medium 
executable by a computer. 

Regarding Claims 2, 8 and 14 

Brickell teaches the method of claim 1, wherein said first Web service invokes 
one or more services hosted on one or more Web servers. ("When a party (e.g. 
delegator) delegates certain authority to another party (e.g. delegate) the delegate may use the 
delegated authority to request authorized services" Paragraph [0007]) 
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Figure 2, shows the apparatus for performing the method described. 
It is inherent that this method is performed by instructions on a medium 
executable by a computer. 

Regarding Claims 3, 9 and 15 

Brickell teaches the method of claim 1 , wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of 
a federation relationship in which each member trusts said discovery service. 

( The Delegators (210a), Delegates (210b), Relying Party (230) and Delegation 
Credential Service Provider (250) are in a federation relationship in which each member trusts 
the DCSP. See Figure 2) 

Figure 2, shows the apparatus for performing the method described. 
It is inherent that this method is performed by instructions on a medium 
executable by a computer. 

Regarding Claim 4, 10 and 16 

Brickell teaches the method of claim 1 , wherein said service assertion: a 
notarization by said discovery service. ("For each service request, the relying party may 
determine the credential requirements needed for the service and then accordingly request the 
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needed credential information from the DCSP" Paragraph [0030]) ("The DCSP may verify the 
credential information with outside agencies" Paragraph [0032]) 

Figure 2, shows the apparatus for performing the method described. 
It is inherent that this method is performed by instructions on a medium 
executable by a computer. 

Regarding Claims 5, 11 and 17 

Brickell the method of claim 4, wherein said service assertion is implemented 
using a string. ("When the credential information request mechanism receives the requested 
credential information from the DCSP, it may parse the information and then pass the 
information to the credential verification mechanism" Paragraph [0040]) 

The Examiner interprets in order to parse, in the field of computer science, one 
must first have a string. 

Figure 2, shows the apparatus for performing the method described. 
It is inherent that this method is performed by instructions on a medium 
executable by a computer. 



Regarding Claim 6, 12 and 18 
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Brickell teaches the method of claim 1. While Brickell does teach different types 
of services, where a service descriptor is inherently necessary before comparing 
credential requirements needed for the service. 

However Brickell does not explicitly teach what form the descriptor takes. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to have the service descriptor comprises of a String. 

The motivation is one of ordinary skill would be able to describe a service with a 
string of text. 

Figure 2, shows the apparatus for performing the method described. 
It is inherent that this method is performed by instructions on a medium 
executable by a computer. 

Regarding Claims 19-21, 

Brickell teaches a method for a first Web service provider to invoke a service 
hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising the steps of: 

said principal logging in with a discovery service; said discovery service passing 
to said principal an identity assertion associated with said principal and a discovery 
service descriptor associated with said discovery service for use by principal for future 
authentication; ("By subscribing to a digital credential service, a user may receive a digital 
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certificate (discussed in reference to Fig. 4) which certifies the user's digital credential service 
registration with the DCSP" Paragraph [0028]). The Examiner interprets the principal as the 
user, the discovery service as the digital credential service, and the "identity assertion 
associated with principal and discovery service descriptor" as the digital certificate which 
certifies the user's digital credential service registration with the DCSP. 

said principal authenticating using said identity assertion and using said 
discovery service descriptor at a Web service client, said Web service client 
linking to and representing a desired commerce site of said principal; ("A digital 
delegate certificate may be issued to a delegate when a delegation is registered with the 
DCSP. The delegate certificate may comprise the identity of the delegate, the identity of the 
delegator, a delegation specification, a certified delegator signature, and a certified delegate 
signature. (Paragraph [0035])" The Examiner interprets the Web service client as the delegate. 

in response to an action related to said desired commercial site, said Web 
service client requesting a first service descriptor associated with said first Web service 
and a first service assertion associated with said first Web service from said discovery 
service; ("The delegate, when a need arises, requests, at act 330, a service from the relying 
part. The delegate signs this request and a request for the release of any necessary credential 
information with his private signature key. Upon receiving the service request from the 
delegate, the relying party requests, at act 340, credential information from the DCSP. The 
DCSP retrieves the requested credential information that is previously registered and stored, 
verifies that it is allowed to release this information, and sends, at act 350 the requested 
credential information back to the relying party. With the returned credential information, the 
relying party authenticates the delegate based on the credential information. " Paragraph 
[0033]) 
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in response to receiving said first service descriptor and said first service 
assertion, said Web service client invoking a desired service at said first Web service; 
f The credential determiner may, based on the type of service requested, determine the 
credential requirements that are needed for authentication purposes. " Paragraph [0037]) ("Based 
on credential information, the credential verification mechanism verifies that the delegated 
credential is valid and that it satisfies the authentication requirement The service response 
generation mechanism then constructs the service response according to the verification 
results" Paragraph [0041]) In order to decide what type of service is requested, first a 
description of the service must be inherently received. The Examiner interprets the service 
assertion as the credential verification information. 

Brickell does not explicitly teach where upon said first Web service determining a 
need to invoke a second desired service at a second Web service, said first Web 
service requesting from said discovery service a second service descriptor associated 
with said second Web service and a second service assertion associated with said 
second Web service; 

and in response to receiving said request for said second service descriptor and 
said second service assertion, said discovery service adding said second service 
assertion to said first service assertion and subsequently passing said first service 
assertion and said second service descriptor to said first Web service; 

in response to receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said 
second Web service. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to repeat Brickell's method of invoking a service from a delegate, requesting 
a description of the service as well as a service assertion, and upon receiving the 
assertion and descriptor invoking the desired service. 

The motivation is that Brickell already performs the method once and has the 
necessary capabilities to perform the method again. For Example the DCSP stores 
delegation relationships, and Figure 2, shows a plurality of Delegation pairs. Without 
any modification to the system, one of ordinary skill would be able to execute the 
method of the first Web Service invoking a second desired service, by simply making a 
new delegation pair, of which the original Web Service is the Delegator and the second 
Web Service is the new Delegate. 

Brickell further does not teach that the first and second services are performed 
on Web servers. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to implement services on Web Servers. 

The motivation is it is well known to implement services on Web Servers. 

Figure 2, shows the apparatus for performing the method described. 
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It is inherent that this method is performed by instructions on a medium 
executable by a computer. 

Conclusion 

4. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harris C. Wang whose telephone number is 
5712701462. The examiner can normally be reached on M-F 8-5:30, Alternate Fridays 
Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, AYAZ R. SHEIKH can be reached on (571)272-3795. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information • 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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